Improve Windows Update reporting

In the last year, I create a PowerShell script that improved the overall admin experience of Windows Update for Business. You can find the post here.

Now, I worked on improving the report functionality. For this I added several registry keys to track and provide the right installation status.

Under the WindowsUpdate key, there are now two different keys added.

  1. Status
    The status will provide an overall patch status of the system
  2. KBs
    Will show the current installation of all installable or already installed updates – together with the installation time.

This is the “Status” key:

Description of the provided registry keys:

  1. Installed KBs:
    All KBs that are installed – take a look at this post to review how the installation gets detected.
  2. Last Update Scan:
    Last time the script was executed – independent of any update download or installation.
  3. Open Pending Updates:
    True or False – If the device is not fully patched, the value will be true.
  4. Pending Definition Updates
    Count of the current Definition Updates that are not installed
  5. Pending Feature Updates
    Count of the current Feature Updates that are not installed
  6. Pending Security Updates
    Count of the current Security Updates that are not installed
  7. Pending Update Rollups
    Count of the current Update Rollups that are not installed
  8. Pending Updates
    Count of current Updates that are not installed
  9. Pending Reboot
    True or False – if a reboot is pending, the value will be true
  10. Total Installed KBs
    Count of all installed KBs
  11. Total Missing Updates
    Count of all pending updates

You can access the via Workspace ONE Sensors. I created an import script to import all the available sensors. You find the sensors and the import script on GITHUB. I also added the hostname since in Dashboards there is for now (25. January 2022) no option to combine Sensor Data with Workspace ONE UEM data. As resolution I added the hostname to the sensors. With this data you have a better overview of the Windows Update patch status of your environment.

With the data synchronized to Workspace ONE Intelligence we can create nice dashboards like this:

For specific KB’s you can query the registry keys below the

HKLM:\SOFTWARE\Policies\Custom\WindowsUpdate\Status\KBs

There you’ll find all the installed KB’s and the corresponding installation status.

Written by
+ posts

Empowering customers in client management since 2012.
Empowering customers in modern management since 2018.

2 thoughts on “Improve Windows Update reporting

  • jayesh
    2022-07-27 at 17:01

    Hello,
    greetings,
    how can I create a list of all installed software names using the sensor in workspace one
    I want to create a report for the installed software and its uninstalled string
    please reply as soon as possible
    thank you!

    • Grischa Ernst
      2022-09-28 at 08:39

      Sensors are only support string today.
      You would need to create a sensor per application

Leave a Reply

Your email address will not be published. Required fields are marked *.

*
*
You may use these <abbr title="HyperText Markup Language">HTML</abbr> tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

BCF Shop Theme By aThemeArt.
BACK TO TOP